Unsigned DLL File Vulnerability in JetBrains Rider
CVE-2019-14960

7.8HIGH

Key Information:

Vendor: Jetbrains
Status: Rider
Vendor: CVE Published:; 1 October 2019

Summary

The JetBrains Rider application prior to version 2019.1.2 was found to utilize an unsigned DLL file, specifically JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll. This vulnerability potentially exposes the application to various security risks as it allows for the execution of unverified code, which could lead to unauthorized actions within the software environment. It is crucial for users to update their JetBrains Rider installations to the latest version to mitigate any associated security threats.

References

https://blog.jetbrains.com/blog/2019/09/26/jetbrains-secu...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2019
Vulnerability Reserved
Aug 12, 2019